- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Buying SecMaster
- Authorizing SecMaster
- Viewing Security Overview
- Workspaces
- Viewing Purchased Resources
- Security Situation
- Resource Manager
- Risk Prevention
- Threat Operations
- Security Orchestration
-
Playbook Overview
- Ransomware Incident Response Solution
- Attack Link Analysis Alert Notification
- HSS Isolation and Killing of Malware
- Automatic Renaming of Alert Names
- Auto High-Risk Vulnerability Notification
- Automatic Notification of High-Risk Alerts
- Auto Blocking for High-risk Alerts
- Real-time Notification of Critical Organization and Management Operations
-
Settings
- Data Integration
-
Log Data Collection
- Data Collection Overview
- Adding a Node
- Configuring a Component
- Adding a Connection
- Creating and Editing a Parser
- Adding and Editing a Collection Channel
- Managing Connections
- Managing Parsers
- Managing Collection Channels
- Viewing Collection Nodes
- Managing Nodes and Components
- Partitioning a Disk
- Logstash Configuration Description
- Connector Rules
- Parser Rules
- Upgrading the Component Controller
- Customizing Directories
- Permissions Management
- Key Operations Recorded by CTS
-
Best Practices
-
Log Access and Transfer Operation Guide
- Solution Overview
- Resource Planning
- Process Flow
-
Procedure
- (Optional) Step 1: Buy an ECS
- (Optional) Step 2: Buy a Data Disk
- (Optional) Step 3: Attach a Data Disk
- Step 4: Create a Non-administrator IAM User
- Step 5: Configure Network Connection
- Step 6: Install the Component Controller (isap-agent)
- Step 7: Install the Log Collection Component (Logstash)
- (Optional) Step 8: Creating a Log Storage Pipeline
- Step 9: Configure a Connector
- (Optional) Step 10: Configure a Log Parser
- Step 11: Configure a Log Collection Channel
- Step 12: Verify Log Access and Transfer
- Credential Leakage Response Solution
-
Log Access and Transfer Operation Guide
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Alert Management
- Incident Management
- Indicator Management
- Playbook Management
- Alert Rule Management
- Playbook Version Management
- Playbook Rule Management
- Playbook Instance Management
- Playbook Approval Management
- Playbook Action Management
- Incident Relationship Management
- Data Class Management
- Workflow Management
- Data Space Management
- Pipelines
- Workspace Management
- Metering and Billing
- Metric Query
- Baseline Inspection
- Appendix
- FAQs
Show all
(Optional) Step 8: Creating a Log Storage Pipeline
This topic describes how to create a log storage location (pipeline) in SecMaster for log storage and analysis.
This step is required when you transfer security logs from non-Huawei Cloud systems to SecMaster. Skip this step if you only need to transfer Huawei Cloud logs to a third-party system or product.
Creating a Log Storage Pipeline
- Log in to the management console.
- Click
in the upper left corner of the page and choose Security & Compliance > SecMaster. - In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose Threat Operations > Security Analysis. The Security Analysis page is displayed.
Figure 2 Accessing the Security Analysis tab page
- Create a data space.
- In the upper left corner of the data space list, click Add. The Add Data Space panel is displayed on the right.
Figure 3 Add Data Space
- On the Add Data Space panel, set the parameters for the new data space.
Table 1 Parameters for adding a data space Parameter
Description
Data Space
Enter a data space name. The name must meet the following requirements:
- The name can contain 5 to 63 characters.
- The value can contain letters, numbers, and hyphens (-). The name cannot start or end with a hyphen (-) or contain consecutive hyphens (-).
- The name cannot be the same as any other data space name on Huawei Cloud.
Description
(Optional) Remarks of the data space.
- Click OK.
- In the upper left corner of the data space list, click Add. The Add Data Space panel is displayed on the right.
- In the data space navigation tree on the left, click
on the right of the data space name created in 5 and select Create Pipeline.
Figure 4 Creating a pipeline
- On the Create Pipeline page, configure pipeline parameters. For details about the parameters, see Table 2.
Table 2 Creating a pipeline Parameter
Description
Data Space
Data space to which the pipeline belongs, which is generated by the system by default.
Pipeline Name
Name of the pipeline. The name must meet the following requirements:
- The name can contain 5 to 63 characters.
- The value can contain letters, numbers, and hyphens (-). The name cannot start or end with a hyphen (-) or contain consecutive hyphens (-).
- The name must be unique in the data space.
Shards
The number of shards of the pipeline. The value ranges from 1 to 64.
An index can potentially store a large amount of data that exceeds the hardware limits of a single node. To solve this problem, Elasticsearch subdivides your index into multiple pieces called shards. When creating an index, you can specify the number of shards as required. Each shard is in itself a fully-functional and independent "index" that can be hosted on any node in the cluster.
Lifecycle
Life cycle of data in the pipeline. The value ranges from 7 to 180.
Description
Remarks on the pipeline. This parameter is optional.
- Click OK
After the pipeline is created, you can click the data space name to view the created pipeline.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
